Tuesday May 13, 2008

I've just side graded (I can't really call is an upgrade or a downgrade it is just different so side grade it is) to OpenSolaris 2008.05 from Nevada build 86 on my laptop (Toshiba Tecra M2).

# uname -a     
SunOS principia 5.11 snv_86 i86pc i386 i86pc Solaris
# cat /etc/release
                        OpenSolaris 2008.05 snv_86_rc3 X86
           Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
                        Use is subject to license terms.
                             Assembled 26 April 2008
# 

Before the side-grade I used zfs send -R | zfs receive -n to push my existing home directories and other data onto an external USB disk drive and then after the upgrade used the same trick to get the file systems back. This did get me to hit bug 6700597 (you can not use zfs send -R | zfs receive of file system that have non default mount points) which was disconcerting but easy to work around. Actually the easiest way was simply to do the backup and restore while booted form the live CD then after importing the pools you just do "zfs umount -a" so nothing is mounted. I'm now selectively pulling files and directories off the back up so that I can work but don't loose the unique OpenSolaris feel.

I have had to add OpenOffice using the new IPS system. All was very slick, not fast, but I was hammering the disk at the time restoring the ZFS file systems from the previous install and also running a ufsrestore of the old root disk so I still have every thing.

pfexec pkg install openoffice

was all that was required. I'm now getting used to the very very slightly different look and feel of OpenOffice as opposed to StarOffice which is easier than getting used to bash having been a long term ksh users. Given that the rest of the family are happy with StarOffice I don't think I will confuse things further by side-grading, actually down-grading, my home server to OpenSolaris and thus move to OpenOffice.

cjg@principia:~$ pfexec pkg install sunstudioexpress
DOWNLOAD                                    PKGS       FILES     XFER (MB)
Completed                                  10/10   8353/8353 624.55/624.55 

PHASE                                        ACTIONS
Install Phase                            11882/11882 
cjg@principia:~$

cjg@principia:~$ pfexec pkg install netbeans
DOWNLOAD                                    PKGS       FILES     XFER (MB)
Completed                                  17/17   5420/5420 339.92/339.92 

PHASE                                        ACTIONS
Install Phase                              6393/6393 
cjg@principia:~$

Sunday May 11, 2008

Once again we, Molesey BBT, rode the South Western Road Club's May ride. This year is was called the “May Flyer” the route was identical to last year but the weather was not. Today was glorious sunshine. We started off as a group but one immediately, that is within 10 yards of the start, punctured and the rest of us pushed on. By the time I got over Coombe Bottom all the other BBT riders were no where to be seen. One rider I know from the trips to Italy and France was with me and a few others I did not know. We pushed on.

After about 22 miles we were caught by three riders who had started 3 or 6 minutes behind us and so were clearly going faster than us. I decided to try and catch a wheel and see how far I could hold it for. One of the riders had blistering speed on the “flatter” sections the second I later discovered was doing the ride on the big ring and could clearly have left us all standing. The third seemed like a very good all rounder.

I managed to stay with them until the return climb up Coombe Bottom where the “all rounder” was dropped but the rider on the big ring disappeared. I was only 10 yards off the other rider at the top but He was on a mission and the drop from there to the finish suited his style being able do a fast pace.

My GPS told me I completed the ride in 4:54 for the 86.24miles giving 17.6mph.

Finally on the way home I got to be bicycle repair man to a random Lady whose chain had come off. The whole day was 104 miles and my legs certainly feel that I have had a good workout. I do really need to find out what the problem is with my right foot which became extremely painful during the ride. I was wearing my Sidi shoes. I'll try the Carnacs for a few weeks to see if that makes it better.

Saturday May 10, 2008

While I as in Aberystwyth Clive lent be a bike 12 speed Peugeot “racer” from the late '80s or early '90s marked a route on a map and told me he would meet me at a certain point where he would be running up and down the mountains. I had been forewarned so had shorts and cycling top.

Just a brilliant end to a day a 21 mile route with some real hills. The strangest thing was coping with a bike without either toe clips or “clipless” pedals. Just ordinary pedals which combined with the 42 tooth inner chain ring made the hills just a bit more challenging. The weather was everything. A few spots of rain just to remind me it was Wales but mostly warm evening sun.

Clive met me at the top of the final descent but had the decency to follow me down so I go to to ride the decent on his bike.

I tapped in the route into map my ride by hand as I foolishly did not take my GPS. It is here: http://www.mapmyride.com/ride/united-kingdom/aberystwyth/675627671205

Thanks Clive

Friday May 09, 2008

...not owning two Bromptons!

As I mentioned previously there is a rule in the house that you can only own three bikes which thankfully since the Brompton is leased not owned meant I was o.k. However the lease runs out after a year at which point the bike goes back or I can buy it. If I buy it I break the three bikes rule. Hence the problem. Simon suggested that I claim that the Brompton is not a bike, which I thought was an interesting defence but since it clearly has 2 wheels (bi) and can be cycled it would be a bicycle. Although I may yet try that defence in the future, I mean for goodness sake look at the picture. You can't ride them like that!

The other problem is that is just seems wrong not to take advantage of the bike scheme. A Tax free bike to ride, where is the downside?

So I signed on for a second year and ordered an identical model* having found a suitable home for the first one (my sister needs a brommy). When the lease runs out I'll buy the first Brompton and on the same day sell it to her so at close of business I still don't own one.

I think I may never need to have a Brompton that is more than a year old......

* It is not completely identical as the new model now has a clip that will stop the rear wheel dropping if you lift the saddle. Useful if you are man handling a bike down station steps. I can confirm it is both useful and easy to use.

Thursday May 08, 2008

I just arrived back from Aberystwyth, where at the invitation of the Campus Ambassador I was giving a talk on ZFS to the students and staff.

The thing about giving ZFS presentations and demonstrations is that they are really good fun. You don't have to overplay the point with gimics however fun they are. Or at least you don't if your audience is technical. For a start having disks fail gracefully (even if this is due to a hammer) is not new. The Solaris volume manager could cope with that. O.k it did not have double parity raid but again that is not the really cool part of ZFS. That is just cool.

The coolest part of ZFS is the ability to recover from silent data corruption. The dd over one side of a mirror demo or one disk in a RAIDZ or even 2 disks in RAIDZ2 and have ZFS survive and recover. That is really cool.

The other things that caused a noticeable drawing of breath from the audience were rollback and data sharing via snapshot and clone.

Faced with those things it is hard to underestimate the power of having those snapshots always available under the .zfs directory and the beautiful simplicity of the administration.

For an added bonus I ran the whole presentation and demo while booted from the OpenSolaris live cd. Demonstrating that if you want to play with this stuff you don't actually need to install Solaris. The only problem I had was that I could not get the nvidia driver to accept that the projector was capable of more than 640x520.

I really enjoyed the session and from the comments afterwards so did many others.

Sunday May 04, 2008

As part of the preparation for what is increasingly looking like a day of great pain when I will be riding up Ventoux, twice, well one and a half times. At 190km or 118 miles with the small matter of Ventoux stuck in the middle of it I'm beginning to get worried.

Back to todays ride. As part of the preparation I'm trying to “get some miles in” so I pre-announced that I would be going to Brighton today which if you go the direct route is almost exactly 100 miles round trip. Ie 18 less than the ride I'm training for and the only lumps being the north and south downs. The north downs can be avioded but that won't be much preparation!

No one else was game for the ride but they did escort me to the top of Pebble Coombe before going their own way. This left me with a lonely 90 mile ride where I spent the first 20 miles after they left thinking I must start to feel good some time soon and then after that dealing with the increasing fatigue. I struggled over the downs, something you can see in the early bit of the video I got of the Sea coming into view

The return leg was every bit as slow and tired as the outward leg. The only upside being that I managed to be back home at 14:05 with the GPS showing 108 miles, having left at 7:00 that is not exactly a blistering pace but at one point I was concerned I would not be back until after 15:00.

All in all unless something changes I'm going to just be pleased to finish the Ventoux ride.

Next week is the South Western Road Club's “May Flyer” which the BBT are riding however I doubt I will be “flying”! Although with a light cycling week on the calendar due the Bank Holiday and a visit I have to make may be I will be feeling top. I can dream

Update: The gps track is here: http://www.mapmyride.com/ride/united-kingdom/walton-on-thames/491796244155

Friday May 02, 2008

I've added a completely unsupported Firefox Search engine for SunSolve to this blog. It you go to the search box on Firefox while viewing this page then it will give you the option to add the search engine. For the search engine to work you have to be a registered SunSolve user and if/when SunSolve changes it could stop working.

I'm going to log an RFE for SunSolve that they include this in SunSolve itself at which point I'll delete this one.

If anyone has a better icon to use then I would be happy to include it.

Sunday April 27, 2008

Today I had preempted the decision on where to go by emailing the BBT to say I was going to the Devils Punch Bowl so that I could be sure to get some proper miles in. Six riders were at Molesey for the start with two agreeing they were not going to do the whole ride.

As I have mentioned before I love this ride. The route out is not spectacular or at least not until after Tongham, but from then on as you climb to the Devils Punch bowl it is great. Then the ride home is wonderful. The short stretch along the A3 is a bit of a pain but once the road narrows as long as you claim the lane is not bad at all.

From then on though the route is great. Even the rain and the puncture I picked up in Albury could not dampen my enthusiasm.

My speedometer claims 78.69 miles and 17.33mph average. Top speed was 40.6mph, not sure when that happened!

Saturday April 26, 2008

Now the builders have gone my hifi, with it's turntable are back. Our record collection is now an combination of four separate collections as my sister and husband was kind enough to give me theirs when they no longer had a record player. So I have been going through the duplicate albums of which the most interesting is Fleetwood Mac's Rumours.

The reason for it being interesting is not that is was and still is an excellent album or that it is one of the very few records that I now have four copies of. The interesting thing is one of those copies is different.

Side two is missing the track ¨You make loving fun¨. Instead it is replaced with ¨Songbird¨ which is then repeated on Side 2. Meanwhile the track listing in the centre of Side A is claims the last track should be ¨You make loving fun¨ while the disk contains ¨Songbird¨. The pressing claims to be "R/S Alsdorf 56344 A2". The other copies two are "56344 A" and one "56345 A4".

Here is a track listing

I wonder if this is a forgery or a mistake?

I'm surprised that google has not found me the answer. So if you have a Rumours LP what tracks does it contain?

Friday April 25, 2008

While on my holidays I was blissfully disconnected from the internet but still had to have my laptop on hand to empty my camera. This allowed me to trip over this bug that I filed on my return 6691387 which is already destined to be fixed in build 89. Result.

Wednesday April 23, 2008

Since I do really need to get fit for the Ventoux ride in June I took the long route to work today. After a few miles it began to rain but since it is not unknown for the weather on Ventoux to be inclement even in June turning back did not seem very good preparation. The rain howerver persisted for the whole ride, so much so my normal cycle computer stopped working¹. The route is essentially the same as the long route I used to ride prior to the Office Move until the turn into Christmas Pie which I don't take. Oddly only 3 miles longer however now the home run is 21 miles rather than 14 so I ended up with a 57 mile day.

The route is not especially pleasant during rush hour as there was quite heavy traffic for large sections, particularly from Chilworth onwards. There was some relief on the road through Ash Vale to Frimley as the bridge over the canal is closed to traffic but by becoming a pedestrian a cyclist can get through so there was almost no traffic up that section.

Tuesday April 22, 2008

On arriving back from my well earned holiday (yes I had a very relaxing time thank you) I see that not only is there a nice new Solaris release on our server but the server itself is no longer a power hungry SunFire box but an Eco friendly Niagra based T5220 and today is Earth Day. It's almost like we planned it!

: enoexec.eu FSS 1 $; uname -a
SunOS enoexec 5.11 snv_87 sun4v sparc SUNW,SPARC-Enterprise-T5220
: enoexec.eu FSS 2 $; 

We have actually been here before with respect to the Huron server as we tried one out for a few weeks around the time of build 83. I left the blogging of it to a colleague as it was not 100% successful or was 100% successful depending on your point of view. The system would crash regularly and finally a bug (which unfortunately is not published as it contains the way to panic an un-patched system running nevada so is marked as a “security” issue. I think this is a bit harsh) was filed and rapidly fixed. So if you are using a system to shake out bugs, which is why I use a nevada Sun Ray server at work, then this was 100% successful.

The performance of the system is well good enough. That is to say the only clue I had that something was “up” was that the performance meter I run, I know I should not but I do, get over it, looks “inverted”. We are not making a dent on the threads.

Friday April 11, 2008

Yesterday I managed to get the fix for 6686086 putback into the nevada gate and as the bug reflects the fix will be in build 88. It does show that it is possible to get things done quickly if there is the will. 24 hours from filing the bug to the fix being delivered. Yes the fix is trivial but the “paper work” still has to be done.

Thank you to the reviewers and Evaluator for being prompt.

Thursday April 10, 2008

Todays blast from the past is what do to when your NIS+, yes I did say NIS+, name space does not do what you are expecting. Contrary to popular myth NIS+ can be reliable and can scale to large deployments, so much so that there are a number of customers that do have large deployments and that does not include the two that I'm aware of in Sun. That said, even I would not advocate anyone setting up a NIS+ namespace now. LDAP is the future and the way to go.

Now back to NIS+. Today's problem was not atypical of the kind of issues you can see with NIS+ and was also an interesting as the SGRT questions or at a least the answers to the SGRT questions did not immediately lead to a resolution. The problem statement was “New users are not correctly authenticated”. So when they logged in “nisdefautlts -p” would say they were “nobody”. Having them keylogin would then, it was claimed, resolve the issue.

After a bit of questioning it was clear that either I was asking the wrong questions or the answers I was getting were not accurate or someone had installed some randomizing function into the system. Shared Shell to the rescue. I could now see with my own eyes what was going on and then suggest the next command to run without worrying about translation. It became clear that the problem was indeed random. Successive calls to “nisdefaults -p” would give different results and I would hazard a guess, although I did not confirm this, this effected all the users and all the systems.

The key to tracking this down is the NIS_OPTIONS envirnment variable which allows you to see each NIS+ call and it's return status and more interestingly in this case lets you see which server served you:

: estale.eu FSS 6 $; env NIS_OPTIONS="debug_bind debug_calls" nisdefaults -p
nis_list([auth_name=14442,auth_type=LOCAL],cred.org_dir.eu.cte.sun.com., 0x30003, 0x0, 0x0)
binding to directory cred.org_dir.eu.cte.sun.com. (parent first)
bind succeeded
create handle: DG
release otis.cte.sun.com., status = 0
status=Success, 1 object, [z=427, d=363, a=3327, c=4918]
cg13442.eu.cte.sun.com.
: estale.eu FSS 7 $; 

I got lucky with the customer and the problem fell out at the first attempt. They has half deleted a NIS+ replica server so it was still in the org_dir directory object and was still running rpc.nisd but would respond with an error when ever it was called. If you got another NIS+ server you were o.k. In a way it was a pity to get there so quickly as I never had the chance to send them this script:

#!/bin/ksh
unset dom
unset host
verbose=0
vecho()
{
	if [ $verbose -eq 1 ]
	then
		echo $@
	fi
}
while getopts vd:h: c
     do
           case $c in
          	d) dom=$OPTARG ;;
          h)       host=$OPTARG;;
	  v)	   verbose=1 ;;
          \?)      echo "USAGE ${0##*/} [-v] -h host -d domain -- command"
             exit 2;;
          esac
     done
 shift `expr $OPTIND - 1`


if [ "${host}" = "" -a "$dom" = "" ] 
then
	echo one or both of -h and -m must be used
	exit 1
fi

if [ "$dom" != "" ]
then
for server in $(niscat -o ${dom} | nawk '/Master/ { master=1 } /Name/ { if (master==1) print $3 }')
do
	echo server=$server
	vecho NIS_OPTIONS="server=$server" $@
	NIS_OPTIONS="server=$server" $@
	x=$?
	if [ $x -ne 0 ]
	then
		niserror $x
	fi
done
fi
if [ "$host" != "" ]
then
	vecho NIS_OPTIONS="server=$host" $@
	NIS_OPTIONS="server=$host" $@
	x=$?
	if [ $x -ne 0 ]
	then
		niserror $x
	fi
fi
exit 0

Which amongst other things will run the same command using each NIS+ server for a directory in turn. Great when you think something is misbehaving but can't quite put your finger on which server it is.

: estale.eu FSS 10 $; ./nis_server -d org_dir.eu.cte.sun.com nismatch [auth_name=14442,auth_type=LOCAL],cred.org_dir
server=otis.cte.sun.com.
cg13442.eu.cte.sun.com.:LOCAL:14442:10,2192,14,2703,2400,2502,2705,2194,3000,2708,826:
server=enotty.cte.sun.com.
cg13442.eu.cte.sun.com.:LOCAL:14442:10,2192,14,2703,2400,2502,2705,2194,3000,2708,826:
server=pacrim-repzone-eu.cte.sun.com.
cg13442.eu.cte.sun.com.:LOCAL:14442:10,2192,14,2703,2400,2502,2705,2194,3000,2708,826:
server=eu-repzone-eu.cte.sun.com.
cg13442.eu.cte.sun.com.:LOCAL:14442:10,2192,14,2703,2400,2502,2705,2194,3000,2708,826:
: estale.eu FSS 11 $; 
ls -l ./nis_server
-rwxr-x--x   1 cg13442  staff        910 Mar 30  2001 ./nis_server
: estale.eu FSS 12 $; 

It appears that script is 7 years old. Again the problem was not really NIS+ at all but an admin error.

Wednesday April 09, 2008

Ever since I have worked at Sun I've had a list of “usual suspects” when systems crash. Those drivers that when you got bizarre memory corruption or the system would watchdog reset or fail in other ways that you did not expect were always present, lurking, staring at you with a “accuse me if you dare” look on their face. Invariably disabling the driver would make the problem disappear but proving it was that driver took days, weeks, sometimes the proof never quite came. You know the drivers, fddi will be burned into my brain as having such a driver.

Many of those drivers turned out to be third party products that just had not taken the DDI/DKI interface to heart of feel that using memory after freeing it is just fine. how we love kmem_flags.

However I digress.

Today's problem is due two things;

1. A third party application adding a bogus entry to /etc/name_to_sysnum

2. The kernel not range checking the values in /etc/name_to_sysnum..

The result is often, but not always, a system that won't boot. What is worse is that if the system does boot then applying a patch to it can change it into a system that does not boot.

So as a small step to prevent this I have filed this bug:

6686086 System call numbers in /etc/name_to_sysnmum should be range checked.

The fix is trivial, the pain relieved enormous. The webrev is here if anyone wants to review it: http://cr.opensolaris.org/~cjg/sysnum/webrev/.

Monday April 07, 2008

I previously mentioned about modifying an underlying mirror. So if you have booted from CDROM (yes I know they are all DVDs now but at least I've stopped saying “tape”) or the network then here is how on Solaris 9¹ and above.

First get a copy of the /kernel/drv/md.conf file. Since mounting a file system in this case will result in rolling the log, even for a read-only mount, this actually breaks my rule. Which is why it is wise to keep a copy of the md.conf file somewhere safe or failing that on that USB pen drive that you have dropped behind the sofa. It will be in the back up of the root file system you have.

# ufsrestore xf cg13442@1.2.3.4:/backup/root.dump kernel/drv/md.conf
Warning: ./kernel: File exists
Warning: ./kernel/drv: File exists
You have not read any volumes yet.
Unless you know which volume your file(s) are on you should start
with the last volume and work towards the first.
Specify next volume #: 1
set owner/mode for '.'? [yn] n   
Directories already exist, set modes anyway? [yn] n
# 

If you have, like I have at home, backed up your root file system into your ZFS pool you can have a quick demonstration as ZFS gets this right when you get the md.conf, you just import the pool. You have to use an alternative root as the root is read-only so it can't create /tank:

# zpool import -R /tmp tank
# ufsrestore xf /tmp/tank/backup/root kernel/drv/md.conf   
Warning: ./kernel: File exists
Warning: ./kernel/drv: File exists
You have not read any volumes yet.
Unless you know which volume your file(s) are on you should start
with the last volume and work towards the first.
Specify next volume #: 1
set owner/mode for '.'? [yn] n
Directories already exist, set modes anyway? [yn] n
#

Now run update_drv(1M) to load the new md.conf and you are away.

# update_drv md
devfsadm: mkdir failed for /dev 0x1ed: Read-only file system

That is it. You can now access your meta devices:

# metastat
d10: Mirror
    Submirror 0: d11
      State: Needs maintenance 
    Submirror 1: d12
      State: Needs maintenance 
    Pass: 1
    Read option: roundrobin (default)
    Write option: parallel (default)
    Size: 70078473 blocks (33 GB)

d11: Submirror of d10
    State: Needs maintenance 
    Invoke: metasync d10
    Size: 70078473 blocks (33 GB)
    Stripe 0:
        Device     Start Block  Dbase        State Reloc Hot Spare
        c1t0d0s0          0     No            Okay   Yes 


d12: Submirror of d10
    State: Needs maintenance 
    Invoke: metasync d10
    Size: 70078473 blocks (33 GB)
    Stripe 0:
        Device     Start Block  Dbase        State Reloc Hot Spare
        c1t1d0s0          0     No            Okay   Yes 


d20: Mirror
    Submirror 0: d21
      State: Needs maintenance 
    Submirror 1: d22
      State: Needs maintenance 
    Pass: 1
    Read option: roundrobin (default)
    Write option: parallel (default)
    Size: 1022706 blocks (499 MB)

d21: Submirror of d20
    State: Needs maintenance 
    Invoke: metasync d20
    Size: 1022706 blocks (499 MB)
    Stripe 0:
        Device     Start Block  Dbase        State Reloc Hot Spare
        c1t1d0s1      26001     Yes           Okay   Yes 


d22: Submirror of d20
    State: Needs maintenance 
    Invoke: metasync d20
    Size: 1022706 blocks (499 MB)
    Stripe 0:
        Device     Start Block  Dbase        State Reloc Hot Spare
        c1t0d0s1      26001     Yes           Okay   Yes 


Device Relocation Information:
Device   Reloc  Device ID
c1t1d0   Yes    id1,sd@SFUJITSU_MAP3367N_SUN36G_00N024DA____
c1t0d0   Yes    id1,sd@SFUJITSU_MAP3367N_SUN36G_00N022FA____
#

There is a documents in the service database formally know as SunSolve #202794 (Previously Published As 75210) which claims you need to unload the md driver for Solaris 10 you don't. I am updating that document.

Sunday April 06, 2008

I was recently asked what the home server serves. So here is the list:

1. NAS server. NFS and CIFS (via SAMBA). There is a single Windows system in the house which is increasingly not switched on. NFS for the two laptops that frequent the network. All supported via ZFS on two 400Gb drives with literally thousands of snapshots,44170. Space is beginning to get short thanks to the 10Mega pixel SLR camera so in the not to distant future a disk upgrade will be required.

2. Sun Ray server. There are (currently) three Sun Rays. One acts as a photo frame and has no keyboard or mouse. The other two provide real interactive use. I can foresee a situation where we have two more Sun Rays.

3. Email server. SMTP and IMAP via exim and imapd respectively. Clearly this implies spamassassin and and antivirus scanner, clamAV.

4. SlimServer. I've just run up a slim server to get better access to internet radio stations. Having a radio player that I can hook up to the hi-fi that is not DAB, ie crap¹, would be good. I feel a squeezebox coming soon.

Just occasionally and every time I ran up VirtualBox the system would struggle to cope prior to the CPU upgrade even when using the Fair Share Schedler. Since the upgrade it has not had any problems with having us all using it.

Last week I got up early as the clocks moved forward for Summer time. This week....

so no cycling today, except on the triplet to move kids around.

If you place an order on an internet shop for something you need and then too reduce the shipping costs add to that order something you want, the thing you want will arrive before the thing you need.

The thing you need will arrive after you really first needed it.

Friday April 04, 2008

One of the great benefits of running Sun Rays at home is having the sessions always there. Just plug in the card and you get your session as if you were never away. However that also allows you to leave an application chewing CPU cycles when you are away. So to keep the interactive experience as good as possible I employ the same techniques described in “Using Solaris Resource Manager With Sun Ray” blueprint. For a long while I've wondered why IT don't do this. The keepers of our Sun Ray do and it works a treat. Which is a good thing when you share a Sun Ray Server with Tim.

Instead of setting the number of shares up to a specific value I use a multiplier so that those active on a Sun Ray get 10 times the number of shares that they would by default. While this works well it still leaves a significant load on the system from certain applications, specifically flash animations that are left running endlessly playing the games that were being played when the users card was removed. The fair share scheduler does it's thing to make CPU allocation fair but the memory use of those otherwise idle firefox sessions is significant.

So I've taken a leaf out of the BOFH and apply some special sanctions to those processes. Alas I may not get a job with the BOFH as my sanctions are simply to pstop(1) the copies of firefox associated with the user and DISPLAY when they detach and then prun(1) them when the user reconnects. I wondered about using memory resource caps to limit the memory but that would leave the systems rcapd(1M) battling the memory usage of the firefox processes which are not displaying anything anyway. In the unlikely event that any of the users are using their firefox sessions to simulate nuclear fission or crack SSL so would rather they kept running I'm sure they will get back to me.

So the script I have for doing this is slightly more complex than the one from the Blueprint. Since it has to err on the side of caution when stopping users firefox sessions. To do that it uses pargs(1) to make sure that the firefox session